Posts tagged ‘Data Loss’

SAIC Data Breach exposes 4.9 million

A SAIC employee was tasked with taking backup tapes from one facility to another. The employee left the tapes in his 2003 Honda Civic for 8 hours. The tapes and the car radio were stolen. The tapes contain 4.9 million Tricare medical records (a good reason not to have your Social Security number as the ID number on the medical records).

A SAIC spokesman said “[the tapes] were being relocated in hopes of finding a way to encrypt the data so the tapes could work with an operating system.”   

Source: http://www.mysanantonio.com/news/military/article/Tricare-patient-data-lost-in-car-burglary-2195822.php#ixzz1ZV1s4D1o

SEP 11.0.6

Symantec Endpoint Protection 11.0.6 is available on fileconnect. The release notes are here.
Release Highlights

• "Symantec Protection Center v1.0" introduces a centralized management console with single sign-on to integrated Symantec applications including Endpoint Protection, Brightmail Gateway, Data Loss Prevention, Web Gateway, Critical System Protection, and IT Analytics
• "SEP Manager Web Console" delivers web-based access to SEP Manager in addition to the legacy JAVA console
• "SEP for Mac" provides integrated management and reporting of Mac and Windows clients in the SEP Manager
• Randomizing scan start time improves support for clients in virtualized environments
• The Symantec Endpoint Recovery Tool allows customers to scan and remove malware from client computers that the SEP client is unable to remediate effectively
• Enhanced default Antivirus and Antispyware security settings make SEP more efficient at detecting malware
• Includes over 155 customer reported defects

One of the defects may be one I’ve had a case open on for more than a year.
Auto Location Switching does not recognize 144 Mb/sec 802.11n connections
Fix ID: 1927272
Symptom: Auto Location Switching does not switch a client to a 144Mbs wireless connection
Solution: Added support for a 144Mbps wireless connection.
I’m hopeful that this will solve the location awareness issues when 802.11n is used. I’ve been told that wouldn’t be fixed until RU6MP1. But we’ll see what this does.
Another writeup on the release is here.

Eric Ouellet on DLP

A new Gartner Magic Quadrant covering Data Loss Prevention was released this week. Eric Ouellet spoke on this at Pre-Conference for Gartner’s Security Summit.
In spite of several years of DLP hype, Ouellet indicated that it is not yet at the sweet spot in the security product hype cycle. People who implement DLP often don’t have fully formed goals, they leave the product in monitor only mode and they are disappointed with the results.
It is important first to define terms. Gartner has begun calling it Content Aware DLP. This is a DLP that is content or context aware. Many vendors say they have Data Loss Prevention. To a specific definition this is true: anything that prevents data from leaking is DLP. Under this definition vendors have claimed that USB port controls, Enterprise Digital Rights Management, hard disk encryption, and file tagging are DLP. None of those devices are aware of the content of the data. To differentiate those products from the traditional DLP product space, Gartner uses the term Content Aware DLP.
Two trends have occurred since I’ve looked at DLP last. Antivirus vendors have taken the lead (through purchase) and added client DLP agents to their suite. Also it is no longer Network based agents versus the desktop agent. It is necessary to have both unless you are only after a specific monitoring purpose.
With DLP I have always struggled with the use case. It’s pretty easy to install and report on credit card or social security numbers. But how does the DLP find what is important to my company? I don’t even know what should be protected. The limited FIPS data classification that we’ve done doesn’t help either. I did learn that 90 percent of deployments are for compliance purposes (PCI, HIPAA) rather than for the protection of Intellectual Property.
The message I heard was ‘if you don’t know you need DLP, then you don’t need it.’ Too often people think they need it because it’s been written about in the tech press. If you are going to move forward, good general advice is don’t let the vendor’s website write your RFP. Don’t write in requirements you won’t use. Certainly don’t use requirements you won’t use as a differentiator between vendors. Be aware of the false sense of security that DLP can provide.
Ouellet closed advising that DLP is like a magnifying glass and the corporation is Pandora’s box. You’re going to find out things you didn’t want to know. Rather than being the impetus for budget justification, in some companies it has called the use of the existing budget into question.

Mozying along

Last month, I read a blog entry over at zatznotfunny about Mozy that got me thinking. Perhaps it’s time to give in to best practice and back up my stuff. I last backed up my home computer in 1995. It was an AST computer with a built-in tape drive of some sort. That computer has been in a closet for 8 years.
Backing up to a USB (or preferably eSATA) hard drive is fine, but if you don’t take the drive to another location you still have potential data loss issues. Once you’ve done that, how do you guarantee a reasonable schedule for backing up?
Some people suggest that I back up to the extra disk space provided by my web provider. If I did that, I would have to somehow schedule backing up, encrypting the data and copying it to the remote server. My web provider’s Terms of Service state that the storage space is for files necessary to the website. So that is not allowed anyway. Others mention Google Mail or Amazon’s S3 service as a great way to store data cheaply. I think it’s important to have software that you can count on to back the files up. I don’t want a kludge.
So that brought me to Mozy. Free for the first 2 GB of data or 4.95 per month for unlimited. That sounded pretty good. If you exclude your media the free account may be good enough. If you want to back up the videos of the kids’ first recital, then cough up the dough for the unlimited account. ArsTechnica had a review in July of several similar products and Mozy came out on top. After checking out their site, I googled to get the other side. A CNet blogger doesn’t like it, but I think he’s being unusually picky.
As I mentioned, data privacy is a concern when you send your data away. With Mozy there is an option to back up with their key or with a key you provide. The more paranoid would say that since it is their software doing the encryption, either key could really be known and stored by them. I chose to go with them picking the key for easier recoverability. I’ll choose to trust their privacy policy that they do not look in data files. Hopefully controls are in place to prevent low level, uncleared employees from obtaining access.
My data is encrypting now. So far I’m pretty pleased. I’ll have to test recovery (they say it may take some time to create the recovery set for you).
As I say, I just installed it, so I’m not giving a full recommendation. However, you do need to be doing something with backup. If you do choose to try out Mozy, please use this link https://mozy.com/?ref=M447CB. If you sign up from that link and begin backing up data, we’ll both get a free 256 MB bump up.

McAfee Joins Data Leakage Market

McAfee called me earlier this week about their Data Loss Prevention Host software. In addition to host-based software, they have an appliance that checks for leakage at the network boundary. Enterprises that have implemented full disk encryption now realize that their data is at risk from more than just a stolen laptop. Social Security Numbers, Credit Card info and company proprietary information are routinely passed over the Internet in plain text at many companies.
I haven’t looked into this McAfee product, but I see their interest as a validation that this marketspace will continue to develop.